Tagged Questions

A web browser is an application which uses http and related protocols to retrieve HTML and XML data from servers. As the web has become a critical source of information and communication, web browsers have become a critical component in information request, transfer, and management.

My email-provider's website (http://www.gmx.de) recently started linking to the (German) site http://www.browsersicherheit.info/ which basically claims that due to its capabilities to modify a site's ...

A quick Google search doesn't reveal whether it is important to logout of webapps (online banking, Amazon, Facebook, etc.), or if I am safe just closing the tab or browser. I am sure I heard on some ...

Clipboard abuse from websites
Many websites use JavaScript or CSS to stealthily insert or replace text in the user's clipboard whenever they copy information from the page. As far as I know this is ...

I have been asking myself for a while what's the purpose of that popup showing up in pretty much all the modern browsers upon entering the full-screen mode of a video or website.
It appears to be a ...

Currently, there is an HTML form/input attribute called autocomplete, which, when set to off, disables autocomplete/autofill for that form or element.
Some banks seem to use this to prevent password ...

Lots of sites these days, that don't deal with sensitive data, enable encryption. I think it's mostly to make (paranoid?) users feel safer. In cases where there is a user's account being logged in, ...

It's often said that HTTPS SSL/TLS connections are encrypted and said to be secure because the communication between the server and me is encrypted (also provides server authentication) so if someone ...

I can't really fully understand what same origin domain means. I know it means that when getting a resource from another domain (say a JS file) it will run from the context of the domain that serves ...

If I bring the mouse pointer to a link, but not click on it, I can see in the left/bottom corner that it displays the URL of it.
Q: Could this URL (in the left/bottom) be different from the one that ...

I've received a spam from one of my friends (well I'm sure he didn't send it). so there's this link, and i'd thought what exactly would be the implications of clicking the link (i've not clicked it ...

I recently followed a discussion, where one person was stating that passing the session id as url parameter is insecure and that cookies should be used instead. The other person said the opposite and ...

Client browser certificates seem to be a nice way to protect sites from intruders - it is impossible to guess and should be harder to steal. Of course, they do not solve all the problems, but they add ...

I've recently read Google Chrome: The End of Drive-By Downloads. Is it true to say that drive-by-downloads are history in Google Chrome?
So if I have a link (from a spam email) I can right-click >> ...

Let's say there's a URL www.badjs.com which is untrusted and may contain bad scripts.
Intuitively, a view-source navigation to that URL does not execute any scripts so it should be safe. It would at ...

I know Firefox 8 stores it's passwords in a SQLite database, which can easily be stolen with access to the HDD!
What about Thunderbird 8? How does it store the passwords and how can one retieve them?
...

I just started to create a new web application. In the documentation, it is written that I have to prepare for the situation where users have disabled cookies. This is not the first time I have read ...

A hypothetical online store that accepts credit card payment will have to be PCI compliant because it receives (transmit), process and possibly store credit card numbers.
But the client's web browser ...

I recently learned about a plugin for Firefox called Fire Sheep, which was featured on the Security Now podcast. I downloaded F.S. and began examining it. To my surprise it includes C++ code that must ...

Do anonymous browsers work? What principles do they use? Can I use them to test access to my web site? Can I detect if a visitor is using one? What is the different between traditional and anonymous ...

Is HSTS good to use even if my servers are configured to use HTTPS (Even if HTTP is used, the rewrite rules in apache makes it to HTTPS)
Also does HSTS make even the resources like CSS, images to be ...

I was amazed that IE 8, Safari, Firefox were hacked so fast. Is it really Chrome so good or it was not tested?
Has anyone other results of independent investigations about security of web browsers?
...

After i saw many people using Chrome i wanted to inform myself on this browser and everything concerning it as i am a Firefox user since it existed. However i am always afraid of Google being a "data ...

Recently I started to live without RC4 within my Firefox session. Discussion about it can be found here. While it is quite easy in Firefox (Enter about:config and then rc4), I found no possibility to ...

Again, I must mention that I have just started to learn about security. So, please bear with my newbie questions.
If I receive a shortened URL from somewhere, say in an my-email or in a social media ...

I just read this post and it proposes a method of storing SSL fingerprints online so that you can double check that your certificates have not been tampered with.
But is it really relevant or useful? ...